As part of Solutions Review’s Premium Content Series, a collection of contributed columns written by industry experts in maturing software categories, Sundaram Lakshmanan of Lookout looks out at the digital transformation of the world and how we can build a data security strategy around it.
We are just starting to see the benefits of the new hybrid workforce and the rapid cloud adoption that has taken place over the past couple of years. While these recent advancements have provided significant productivity boosts for organizations, they have also created significant gaps in the visibility and control that IT and security teams exercise to protect users and assets. With the steep hike in high-profile ransomware attacks and data breaches this year, it’s clear that attackers are primarily after one thing: your data.
Protecting data may sound simple, but it’s not, especially when it’s moving through cloud environments and in use by a scattered workforce. The pandemic and the move to the cloud have fundamentally altered where your users are connecting from and where your data resides. Users are now operating outside the physical boundaries of offices using unmanaged devices, networks, and even software to stay productive from anywhere. As a result, traditional security has little visibility and control over how your data is being handled and cannot keep up with the new risks from cloud environments and personal devices. With 66 percent of IT professionals reporting increased security incidents and requests due to remote work, according to this 2020 report, you need to rethink how you manage and secure data.
Digital Transformation: Taking a Unified Approach to Data Security
The Cloud Has Made Everything More Complex
To manage digital transformation overnight, many organizations had to string together endpoint products to protect their data quickly. As a result, the average enterprise has 76 security products, each made for an individual use case, according to a 2021 survey from Ermetic. But this means that your already-strained IT and security teams are now forced to juggle countless tools in an attempt to get a holistic picture of their organization’s posture. Instead of focusing on strategic issues and improving user experience, IT and security teams have to devote most of their time to managing this complex infrastructure.
While each company’s journey to deploying a modern zero-trust strategy will look different depending on its individual needs, there are three requirements to consider when building an effective data security strategy.
- Consolidate and modernize your IT security infrastructure. Even if you deploy cloud-delivered security tools, without consolidating them your visibility and controls are dispersed across a patchwork of apps. This makes it almost impossible to determine whether a major attack is underway or to enforce policies in any consistent way. This proves costly, both in operations costs and in security risks that can lead to data breaches. Integrating adjacent security tools into a single platform not only cuts down on workload but also enables the entire business. You have a single set of insights and policies that protects your apps and data in one place. This also removes the need to duplicate efforts: once a policy for one app is written, it can automatically be applied to new apps you choose to onboard.
- Provide adaptive access to your hybrid workforce. The other issue at hand is that your workforce needs to stay productive. At the same time, you need to protect your data in environments that are not controlled by your organization. It’s no longer an option to simply turn off access, as a policy like this would significantly impair an employee’s ability to get their job done. To enable productivity, you need to provide users seamless access to data and apps that they are authorized to use, but only after they verify their risk level. This type of dynamic access requires rich telemetry that includes data on end-user behavior and the risk level of the endpoints they use, to mitigate threats like malware or insider threats. On the flip side, it’s equally important to know the sensitivity of the data your users are accessing. To ensure your workers have what they need to stay productive while also safeguarding sensitive data, policy enforcement should be able to map risk with data sensitivity. For instance, do not allow downloads of your customer data on employees’ personal devices.
- Understand and take granular actions on your data. In addition to adaptive access for your users and endpoints, you need to look at the data itself. With your sensitive information sprawled across countless apps, it becomes difficult to manage all the data you own. By understanding the sensitivity level of the data your users are connecting to, you can make access decisions that are efficient and enable productivity. Rather than simply allowing or denying access, you should take much more granular actions, such as turning off downloading, redacting keywords, or watermarking for risky users or endpoints. In addition to these soft actions, it’s critical that you have control over your data even when it leaves your sphere of influence. This requires proactive protection whenever sensitive information is taken out of your infrastructure. Often, when data is leaked accidentally or exfiltrated on purpose, you have no control over it. But with easy-to-use encryption that wraps around the data, you can request additional authentication whenever the data is viewed so that only authorized users can access it.
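The mapping of risk to data sensitivity described in the last two requirements can be written as a small policy function. This is an added example, not code from the column or from any Lookout product; the risk and sensitivity levels, the control names, and the thresholds are assumptions chosen for illustration. Missing telemetry or a missing data label is treated as the worst case, so the policy fails closed.

```python
import re
from dataclasses import dataclass
from enum import IntEnum
from typing import Optional

class Risk(IntEnum):
    LOW = 0
    MEDIUM = 1
    HIGH = 2

class Sensitivity(IntEnum):
    PUBLIC = 0
    INTERNAL = 1
    CUSTOMER = 2

@dataclass(frozen=True)
class Request:  # None = signal missing (no agent report, unlabeled file)
    user_risk: Optional[Risk]
    device_risk: Optional[Risk]
    device_managed: Optional[bool]
    sensitivity: Optional[Sensitivity]

def decide(req: Request):
    """Return (allow, controls); missing signals count as worst case."""
    user = Risk.HIGH if req.user_risk is None else req.user_risk
    device = Risk.HIGH if req.device_risk is None else req.device_risk
    managed = bool(req.device_managed)  # None -> treated as unmanaged
    sens = Sensitivity.CUSTOMER if req.sensitivity is None else req.sensitivity
    risk = max(user, device)
    if sens == Sensitivity.PUBLIC:
        return True, frozenset()
    if risk == Risk.HIGH and sens == Sensitivity.CUSTOMER:
        return False, frozenset()
    controls = set()
    if sens == Sensitivity.CUSTOMER and not managed:
        controls |= {"no_download", "watermark"}  # customer data, personal device
    if risk >= Risk.MEDIUM:
        controls |= {"no_download", "redact"}
    if risk == Risk.HIGH:
        controls.add("watermark")
    if "no_download" not in controls:
        controls.add("encrypt_on_download")  # copy asks for auth when opened
    return True, frozenset(controls)

def redact(text: str, keywords) -> str:  # mask keywords, case-insensitive
    if not keywords:
        return text
    pattern = re.compile("|".join(re.escape(k) for k in keywords), re.IGNORECASE)
    return pattern.sub("[REDACTED]", text)
```
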
Be the Change You Wish to See in the Workforce
The massive changes in your workforce and the move to the cloud present challenges, but also unique opportunities. When it comes to data security strategy, you really have two options. You can either build your own solution by assembling multiple tools, which will be costly and difficult to manage, or make use of a unified solution. The latter has the benefit of being able to provide a holistic picture of security with centralized insights, which is paramount for protecting your most sensitive data.
A unified platform can enable your IT and security teams to securely access corporate data through highly flexible policies that consider the fluctuating risk of both the user and the endpoint, as well as the sensitivity of the data they’re trying to get to. This “parsimonious” approach ensures that data stays out of harm’s way while providing a smooth user experience.
- Protecting Data Amid Digital Transformation Requires a Unified Approach - November 8, 2022